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A quantum password is a quantum mechanical analogue of the classical password. Our proposal is completely 
quantum mechanical in nature, i.e. at no point is information stored and manipulated classically. We show that, 
in contrast to quantum protocols that encode classical information, we are able to prevent the distribution of 
reusable passwords even when Alice actively cooperates with Eve. This allows us to confront and address 
security issues that are unavoidable in classical protocols. 



I. INTRODUCTION 

Alice, a physicist, decides to purchase a subscription to a 
well known online physics journal that is run by an entity we 
shall call Bob. Once the transaction is complete, she is given 
a password that allows her access to the journal, a password 
that can be distributed at will. In particular, Alice gives the 
password to her friend Eve, who then resells it to the horde of 
independent physicists interested only in obtaining the journal 
at a cheaper price. Even if Alice were only to distribute the 
password to three of her closest friends, Bob's income would 
be a quarter of what it should be. Yet, there is no guaranteed 
method in which Bob can prevent and detect such behavior. 

In this new age of information, passwords have become 
an essential part of everyday life, used for e-mails, bank ac- 
counts, CD-keys and a multitude of online products. Yet such 
passwords are often saved on a customer's computer, easily 
vulnerable to viruses and trojan attacks. Once such informa- 
tion is extracted by Eve, she is free to mass distribute it, ex- 
acerbating everything from piracy, unlawful reselling to the 
more serious cases of identity theft. For example, CD-keys 
are often used as a method to prevent piracy, especially for 
programs that involve an online service. Yet, nothing prevents 
a person from purchasing the software and copying it, writing 
down the key and returning it under a standard money back 
guarantee. 

Classically, the only proven method to prevent password 
sharing is the use of one-time passwords, where a different 
password is required each time Alice accesses the system. 
Such a protocol creates a number of inconveniences, such as 
the unsuitability for group licenses, where a service is sold to 
a specified number of people. Also, Eve can steal one-time 
passwords at no risk, as she does not disturb Alice or Bob's 
system until she uses the password. 

Can the laws of quantum mechanics guarantee the security 
of Alice 's information, even from herself? So that there always 
exists a test that Alice can make to determine if Eve has taken 
her password before Eve makes use of it. In this way Bob 
can be fully confident that the service he sells cannot be dis- 
tributed or resold to multiple people. In this paper, we propose 
a quantum analogue of the classical password, whose security 
is guaranteed by the no-cloning theorem fl]. In contrast to the 
classical one-time password scheme, our quantum password 
is not one time. Also the fact that Eve can be detected as soon 
as she takes the password, discourages any attempt to do so. 

While our proposal shares some similarities in aim with 



quantum identification schemes 01 and quantum cryptog- 
raphy protocols 1 4], it has one critical distinction. We do not 
assume Alice's station is secure, or even that she is on Bob's 
side. In particular, all of the aforementioned protocols involve 
a password stored as classical information which is encoded 
into a quantum state for transmission. While they guarantee 
security during transmission, Alice's password, stored at her 
station, can always be cloned without detection. The only pre- 
vious proposal 1 5] in this area was one time, and demonstrated 
to be equivalent to proposals based on classical correlations 
01 • In this paper, we argue that a password can be verified 
using an entirely physical process, and unlike classical doc- 
uments, need not be read by a human being. Therefore it is 
not necessary for a password to be an encoding of classical 
information. 

We propose a quantum password represented entirely by a 
quantum state that has no set basis of measurement and en- 
codes no classical information. Since our protocol does not 
require Alice to have any knowledge of this quantum state, 
the no-cloning theorem can be easily employed. Thus Alice 
cannot distribute her password to anyone, short of giving it 
away and consequently losing her only copy. Therefore there 
is only one quantum password existing, per person, at any one 
time. In addition, the quantum nature of the password means 
that it cannot be measured exactly, and allows our protocol to 
retain its security even when Bob's login server in vulnerable. 
That is, even if Eve has access to Bob's login server, she still 
cannot access the restricted content without detection. This 
is not possible classically and is a further distinction from the 
one-time password protocol. 



II. QUANTUM PASSWORD PROTOCOL 

The standard protocols of classical passwords can be di- 
vided into various stages: the creation of an account when Al- 
ice signs up for a service provided by Bob, the distribution of 
the password from Alice to Bob, and the process of password 
verification by Bob. More explicitly, Alice would purchase the 
password from Bob, which is used for verification each time 
she wishes to access Bob's product. In the quantum version 
of this protocol, all three steps are kept intact (see Fig.[lJ. The 
major difference is that the password itself will be a quantum 
object, and the process of transmission and verification are 
both done quantum mechanically. 
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(a) Setting Up Account 
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(1) Alice contacts Bob to set up an account. 

(2) Bob creates two identical quantum passwords. 

(3) Bob sends one quantum password over a 
quantum channel to Alice and keeps the other. 



(b) Using the Quantum 
Password 
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(1) Alice logs into Bob's server. 

(2) Alice sends her quantum password 
to Bob over a quantum channel. 



(c) Verification 
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(1) Bob compares his stored quantum password 
with the one Alice sends him using the SWAP 
protocol. 

(2) If the two quantum passwords are the same 
Alice is granted access otherwise she is denied. 



FIG. 1 : The quantum password protocol can be broken up into three stages: (a) setting up the account (b) using the quantum password 
and (c) the verification by Bob. Here Alice's quantum password is given by cj> and Bob's stored copy of the password given by ij). 



A. Assumptions 

Since the passwords featured within this protocol are not 
encodings of classical information, we are able to make sev- 
eral significant relaxations to the assumptions made in quan- 
tum cryptography |4]. As aforementioned, we assume that 
Alice's server is insecure, and in addition, Eve also has the 
ability to extract information from Bob's log-in server. These 
conditions are realistic, given that it is no harder, and often 
easier to install viruses into another's computer than to extract 
information during transmission. 

However we do assume that there exists an unjammable 
classical public channel between Alice and Bob, such that Al- 
ice is able to contact Bob should her password be compro- 
mised. When these conditions are met, the protocol is com- 
pletely secure, where security is defined by the fact that Eve 
cannot take the password without disturbing the system, and 
hence cannot escape detection. Explicitly, if Eve gains any 
information about the quantum password, there exists a finite 
probability that she will be detected. 



B. Setting up the Quantum Password 

Alice contacts Bob who organizes to give Alice her own 
quantum password (along with a classical username which 
will be omitted in further discussion). For simplicity, we con- 
sider that each password consists of only one qubit. In prac- 
tice, the quantum password would consist of many qubits, so 
that the probability of a successful random guess is negligible. 



Bob generates a random password given by 

|^) = c 1 |0)+c 2 |l) (1) 

where |ci| 2 + \c2\ 2 = 1, and creates an identical clone \<j>) 
- this does not violate the no-cloning theorem as the state is 
known to Bob. Bob stores his cloned qubit in quantum mem- 
ory and sends the other qubit to Alice through an insecure 
quantum channel. 

C. Using the Quantum Password 

In order for Alice to use her quantum password, she sends 
it back along the quantum channel to Bob. Bob then needs 
to compare his stored copy of Alice's quantum password \<j>) 
with the quantum password Alice has sent to him If both 
passwords are identical, then Bob will allow Alice access to 
his computer. 

D. Verifying the Quantum Password 

To compare the two quantum passwords \<j>) and Bob 
performs a controlled- SWAP operation O] using a Fredkin 
gate |0] to determine if they are identical (see Fig. |2|). The 
advantage is that this operation can be performed without ex- 
plicit knowledge of either of the quantum passwords. Explic- 
itly, Bob introduces an ancilla qubit and performs the opera- 
tion 

| 7 > = (£<8>/)(c-SWAP)(fT<g> /)|O)|0)|^) (2) 
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where H is the Hadamard operator that transforms |a) — > 
-^(|0) + (-l) a |l)) with a e (0,1) and acts only on the 

Hilbert space of the ancilla qubit |0). I is the identity operator 
acting only on \<j>) The controlled- SWAP is the operation 
which swaps the states \(j>) and \ip) depending on the parity of 
the ancilla qubit. That is, it performs the SWAP operation 



(3) 



if the state of the ancilla qubit is 1 0) and acts as the identity 
if the qubit is |1). The resulting state of the system can be 
written as 



|7> = dOXI^M + l^» + oHXI</>M " (4) 



Bob will now measure the ancilla qubit in the computational 
basis |0) and |1) with outcome probabilities given by 



P(l) = |(l| 7 )| 2 : 

P(0) = |(0| 7 )| 2 



1 



(l-l(^)l 2 

|(i + K^>l 2 



(5) 
(6) 



If the two quantum passwords are identical, i.e. \<j>) = 
then from Eqs. (15161) we have P(l) = and P(0) = 1. Thus 
if Bob were to measure 1, he knows with certainty that the 
supplied password is incorrect. However if he were to mea- 
sure 0, he would assume the password to be correct and al- 
low access. Note that since P(0) < 1 when the states are 
not identical, extending the length of the quantum password 
will ensure that Eve cannot achieve success through a random 
guess. Additionally, should the passwords be identical, this 
measurement process will leave the quantum passwords un- 
changed. Therefore the quantum password is reusable and not 
a one-time password equivalent. 



io> 
i<i»- 





H 




H 


















SWAP 





FIG. 2: Schematic of the quantum circuit used by Bob to verify 
Alice's quantum password; where H is a Hadamard gate and the 
controlled- SWAP is achieved using a Fredkin gate. 



order for Eve to steal Alice's password without any chance of 
detection, she would be required to take it from Alice's station 
or intercept it during transmission, clone it perfectly and then 
return the original password without detection. Since we as- 
sume Alice's station is not secure, Eve is free to perform the 
first and final steps, but can only perform an approximation of 
the second. 

Suppose Eve were to make an attempt in breaching the se- 
curity of the quantum password protocol. That is, she de- 
sires to create a quantum state \<j)') that is a good approxi- 
mation to the true password | (j>) without detection from Alice 
or Bob. Eve is forbidden to modify Alice's password signif- 
icantly, since doing so would cause Alice's password to fail 
during the SWAP verification and hence reveal her actions. 
Let us first assume Eve uses the symmetric universal quantum 
cloning machine 1 9]. Given an input state \<p), the cloning ma- 
chine would output two identical cloned quantum passwords 
with a fidelity of 5/6 with respect to the original input. For 
qubit states, the two clones can be described by the same den- 
sity operator 



Pom = 1^) <</>! + JlV^I 



(7) 



where is a quantum state containing the errors of the 
cloning machine and is orthogonal to \(j>), i.e. {^\<j)) = 0. 

In order for Eve to steal the password successfully, two 
events must occur. Firstly, Alice's quantum password must 
not be disturbed to the point where she can no longer access 
Bob's network, and secondly, the clone she has created must 
be accepted by Bob's server. Clearly, for a quantum password 
consisting of a single qubit, Eve chance of successfully using 
a clone is given by (5/6) 2 w 69% (see Fig.0. Thus, for a 
quantum password of N qubits in length, Eve's success rate is 
reduced exponentially to (5/6) 2iV . 

In the more general case where Eve utilizes two noniden- 
tical clones from an asymmetrical quantum cloning machine 
fioll . it can be demonstrated that the fidelity of the clone Fs, 
and the password after measurement with respect to the origi- 
nal input Fg , must satisfy the relation F$F f s < 5/6 1 1 1 ] . Thus 
Eve's success rate is always bounded by (5/6) 2iV . Therefore, 
provided we use a quantum password of sufficient length, the 
security of the protocol is guaranteed against such an attack. 

Additionally, by assuming that Bob's login server is also 
insecure, Eve has the option of cloning Bob's quantum pass- 
word instead. However, since Bob has knowledge of what the 
password is, he can always check whether it has been mod- 
ified by comparing it to an offline (and thus secure) copy of 
the password. Should such a comparison fail at any time, he 
would generate a new quantum password and eliminate any 
information Eve may have gained from the state. Thus, the 
analysis of security for such an attack is reduced to the previ- 
ous case. 



III. SECURITY OF QUANTUM PASSWORDS 



The security of the quantum password scheme is due to the 
no-cloning theorem [ 1 ] which states that an unknown quan- 
tum state cannot be perfectly cloned. In addition, any mea- 
surement made on such a state will in general disturb it. In 



IV. APPLICATIONS OF QUANTUM PASSWORDS 

Passwords were designed with the intention of providing 
secure services, in the sense that such services can only be 



4 



i 




Number of qubits in quantum password 

FIG. 3: Probability that Eve can successfully use a clone of a 
quantum password verses the number of qubits contained in the 
password. Eve's success rate is bounded by (5/6) 2N due to the 
fidelity of her quantum cloning machine. If Bob uses 13 or more 
qubits, then he is guaranteed that a fraudulent password will be 
detected at least 99.9% of the time. 



used by authorized parties. The ability to clone and distribute 
a password clearly violates this intention, and, is greatly detri- 
mental to any service which involves the use of such devices. 
As quantum passwords cannot be cloned, it is potentially ap- 
plicable to any protocol that involves a variation of the classi- 
cal password. For example: 

1 . CD-keys are currently a widely used method to prevent 
piracy, used to validate the authenticity of a program 
whenever a user attempts to access some related online 
service. Suppose Alice runs a cybercafe with such pro- 
grams installed. CD-key grabbers are commonly avail- 
able for a visitor, Eve, to steal the key. If the pass- 
words were made quantum, any such attempts can by 
easily detected by quantum password verification prior 
to Eve's departure from the cybercafe. Therefore, the 
chance of being caught on the spot will severely dis- 
courage such attempts. 

2. Credit Card numbers are a variation of classical pass- 
words. If Alice were to purchase concert tickets over 
the phone, she would need to give the information re- 
quired to access her account to a third party operator, ef- 
fectively cloning her password. The operator, can now 
retain and distribute this knowledge at her leisure. This 
problem cannot be circumvented using either classical 
or quantum cryptography since the operator, by defi- 
nition, must have all the necessary knowledge to ac- 
cess Alice's account. A quantum password prevents this 
problem, as the operator must return the password back 
to Alice, and any attempt to extract information during 
the process could be detected. 

3. Variations of the quantum password protocol can be im- 



plemented for ATM transactions where we need not as- 
sume security of either the client Alice, or even the lo- 
gin server, i.e. the ATM itself. Alice's quantum bank 
card stores a quantum state, which is matched by a 
clone on the bank's central server. Upon a transac- 
tion request, Bob sends his quantum password to the 
appropriate ATM and performs the verification proto- 
col. Even if Eve had access to the ATM, she would 
still be unable to use it without detection. Classical so- 
lutions, such as the S/Key one-time password scheme 
fl2ll . based on the computational difficulty of inverting 
the cryptographic hash function, are not formally se- 
cure. 



V. DISCUSSION 

Quantum passwords adopt a purely quantum approach to 
password identification, and in doing so, provides security 
that no classical protocol, or quantum protocol that involves 
the encoding of classical information, can offer. The imple- 
mentation of quantum passwords will require reliable quan- 
tum memory and quantum gates. However, there is no explicit 
need for universal quantum processors and is a protocol that 
can be achieved in the medium term. 

In this paper, we have outlined the idea of quantum pass- 
words in the simplest possible implementation using a string 
of qubits, though in reality, this need not be so. One can note 
that the verification process does not assume that the quantum 
password lives in any specific Hilbert space, and thus, one can 
envision encoding such passwords in higher dimensions. For 
example, a continuous variable version would be able to take 
advantage of the high detection efficiencies and higher infor- 
mation band widths. 

Future work could also be done in the analysis of how in- 
formation loss due to noise or decoherence would affect the 
security of the protocol. In this case, Bob would need to take 
into account the natural losses during storage and transmis- 
sion, and accept Alice's password provided a certain propor- 
tion of the qubits matched according to the SWAP protocol. 
Of course, this leeway would give a greater chance of using 
a cloned password, and one would be interested in the region 
where the protocol remains secure against such losses. 



VI. CONCLUSION 

In conclusion, we have introduced a quantum password 
scheme whose security is guaranteed by the no-cloning the- 
orem. When implemented, such a protocol would allow 
consumers to purchase items over the phone without worry, 
knowing that they could check if the operators on the other 
end have copied down their credit card details. It would give 
subscription services the peace of mind that the passwords 
they sell cannot be distributed over the internet. It also be- 
stows the added security when the login server itself becomes 
vulnerable, such as an ATM. Such security is made possible 
since our password is not a quantum encryption of classical 
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information, but simply a quantum state. In short, we take ad- We would like to thank Tim Ralph, Mark Dowling and 
vantage of the fact that passwords are meant to be used, not Henry Haselgrove for comments and useful discussions, 
read. 
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